Ksplice: Upgrade / Patch Your Linux Kernel Without Reboots

All Linux distributions need a scheduled reboot once in a while to stay up to date with important kernel security updates. RHN (or other Linux distro vendors) provides Linux kernel security updates. You can apply kernel updates using the yum or apt-get commands. After each upgrade, you need to reboot the server. The Ksplice service allows you to skip the reboot step and apply hotfixes to the kernel without rebooting the server. In this post, I will cover a quick installation of Ksplice for RHEL 5.x and try to find out if the service is worth every penny. The technology and hack behind this looks pretty cool. This is useful if you have a small number of Linux-based servers and/or you want to avoid an unscheduled reboot just to apply a hotfix to the Linux kernel.


Red Hat Enterprise Linux 5 IMPORTANT Security Update [ 4-Nov-2008 ]

Red Hat today released kernel updates to fix at least 15 security flaws in the Linux kernel, the core of the operating system. RHEL users can grab the latest updates from the RHN website or by simply running the yum update command. This update has been rated as having important security impact.

Critical Red Hat Enterprise Linux Kernel Update

Red Hat issued an updated version of the Linux kernel, the core of the operating system, that plugs various security holes in RHEL 5.x. This update has been rated as having important security impact. All users are advised to upgrade the kernel package.

Security fixes:

a) A missing capability check was found in the Linux kernel do_change_type routine. This could allow a local unprivileged user to gain privileged access or cause a denial of service. (CVE-2008-2931, Important)

b) A flaw was found in the Linux kernel Direct-IO implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2007-6716, Important)

c) Tobias Klein reported a missing check in the Linux kernel Open Sound System (OSS) implementation. This deficiency could lead to a possible information leak. (CVE-2008-3272, Moderate)

d) A deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)

e) A flaw was found in the Linux kernel tmpfs implementation. This could allow a local unprivileged user to read sensitive information from the kernel. (CVE-2007-6417, Moderate)

Bug fixes:

a) A kernel crash may have occurred on heavily-used Samba servers after 24 to 48 hours of use.

b) On certain systems, if multiple InfiniBand queue pairs simultaneously fell into an error state, an overrun may have occurred, stopping traffic.

c) With bridging, when forward delay was set to zero, setting an interface to the forwarding state was delayed by one or possibly two timers, depending on whether STP was enabled. This may have caused long delays in moving an interface to the forwarding state. This issue caused packet loss when migrating virtual machines, preventing them from being migrated without interrupting applications.

How do I update my kernel?

Log in as root and type:
# uname -mrs
# yum update
# reboot
# uname -mrs
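
A check for the update procedure above, as an added example that is not part of the original post: it tests whether the CVE ids from the advisory appear in the installed kernel's changelog and whether the running kernel is the most recently installed one. It assumes the package changelog cites CVE ids; the function names, the `2.6.18-NEW.el5` / `2.6.18-OLD.el5` release strings and the changelog lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# CVE ids listed in the advisory above.
ADVISORY_CVES="CVE-2008-2931 CVE-2007-6716 CVE-2008-3272 CVE-2008-3275 CVE-2007-6417"

# stdin: output of `rpm -q kernel --last` (most recent install first).
# Prints the version-release of the most recently installed kernel package.
latest_installed_kernel() {
    awk 'NR == 1 { sub(/^kernel-/, "", $1); print $1 }'
}

# $1: running release (uname -r), $2: latest installed release.
# Returns 0 while the running kernel is not the latest installed one.
reboot_pending() {
    [ "$1" != "$2" ]
}

# $1: file holding `rpm -q --changelog` output; other args: CVE ids.
# Prints every id the changelog never mentions; returns 0 only if none is missing.
missing_cves() {
    changelog=$1; shift
    missing=0
    for cve in "$@"; do
        grep -qwF -e "$cve" "$changelog" || { echo "$cve"; missing=1; }
    done
    return "$missing"
}

# Constructed sample data standing in for the real command output.
sample_last='kernel-2.6.18-NEW.el5   Tue 04 Nov 2008 10:00:00 AM
kernel-2.6.18-OLD.el5   Mon 01 Sep 2008 09:00:00 AM'
sample_changelog=$(mktemp)
for cve in $ADVISORY_CVES; do
    echo "- [kernel] constructed changelog entry ($cve)"
done >"$sample_changelog"

latest=$(printf '%s\n' "$sample_last" | latest_installed_kernel)
if reboot_pending "2.6.18-OLD.el5" "$latest"; then
    echo "running kernel differs from $latest: reboot required"
fi
missing_cves "$sample_changelog" $ADVISORY_CVES && echo "all advisory CVEs are in the changelog"
rm -f "$sample_changelog"
```

On a real host, feed the functions the output of `rpm -q kernel --last`, `uname -r` and `rpm -q --changelog` for the newly installed kernel package instead of the sample data.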

Reboot Linux box after a kernel panic

If you want the server to reboot automatically after the kernel is hit by a panic error message, try adding panic=N to the /etc/sysctl.conf file.

It specifies kernel behavior on panic. By default, the kernel will not reboot after a panic, but this option will cause a kernel reboot after N seconds. For example following boot parameter will force to reboot Linux after 10 seconds.

Linux Disable the Ctrl-Alt-Delete shutdown keys

On a production system it is recommended that you disable the [Ctrl]-[Alt]-[Delete] shutdown. It is configured using the /etc/inittab file (used by the sysv-compatible init process). The inittab file describes which processes are started at bootup and during normal operation. You need to open this file and remove (or comment out) the ctrlaltdel entry.

Ctrlaltdel specifies the process that will be executed when init receives the SIGINT signal. SIGINT is the symbolic name for the signal thrown by computer programs when a user wishes to interrupt the process, for example to reboot or shut down the system using [Ctrl]-[Alt]-[Del]. This means that someone on the system console has pressed the CTRL-ALT-DEL key combination. Typically one wants to execute some sort of shutdown either to get into single-user level or to reboot the machine.

Disable CTRL+ALT+Del keys

Open /etc/inittab file, enter:
# vi /etc/inittab

Search for the line that reads as follows:
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now

And remove the line or comment out the above line by putting a hash mark (#) in front of it:
# ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now

Save the file and exit to the shell prompt. Reboot the system for the change to take effect, or type the command:
# init q
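
The edit described above as a repeatable check, added here as an example that is not part of the original post: it finds active ctrlaltdel entries in an inittab file and comments them out, keeping a backup. The function names and the sample inittab are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Print active (uncommented) ctrlaltdel entries; return 0 only if any exist.
# inittab lines are id:runlevels:action:process, so field 3 is the action.
active_ctrlaltdel() {
    awk -F: '!/^[ \t]*#/ && $3 == "ctrlaltdel" { print; found = 1 }
             END { exit !found }' "$1"
}

# Comment out every active ctrlaltdel entry, keeping the original as FILE.bak.
# Safe to run repeatedly: an already-clean file is left untouched.
disable_ctrlaltdel() {
    file=$1
    active_ctrlaltdel "$file" >/dev/null || return 0
    cp -p "$file" "$file.bak" || return 1
    awk -F: '!/^[ \t]*#/ && $3 == "ctrlaltdel" { print "# " $0; next }
             { print }' "$file.bak" >"$file"
}

# Constructed sample inittab, written to the path given as $1.
write_sample_inittab() {
    cat >"$1" <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
# Trap CTRL-ALT-DELETE
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
1:2345:respawn:/sbin/mingetty tty1
EOF
}

# Demo on a temporary copy; on a real host, point it at /etc/inittab as root.
tmp=$(mktemp) && write_sample_inittab "$tmp"
active_ctrlaltdel "$tmp" && echo "ctrlaltdel is active, disabling"
disable_ctrlaltdel "$tmp"
active_ctrlaltdel "$tmp" || echo "ctrlaltdel is disabled"
rm -f "$tmp" "$tmp.bak"
```

After running it against the real /etc/inittab, `init q` makes init re-read the file, as in the manual procedure.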


Re-read The Partition Table Without Rebooting Linux System

If you are using a hot-swappable hard disk and created a new partition using fdisk, then you need to reboot the Linux-based system to get the partition recognized. Without a reboot, you will NOT be able to create a filesystem on your newly created or modified partitions with the mke2fs command.
The kernel still uses the old table. The new table will be utilized at the next reboot or after you run the partprobe or kpartx command. Both of these programs inform the operating system kernel of partition table changes by requesting that the operating system re-read the partition table.

Configure Ubuntu Linux GRUB to load FreeBSD

Recently my friend emailed me an interesting scenario. He installed FreeBSD 6.0 / 7.0 in the first primary partition (10G). One day he installed Ubuntu Linux. He could boot into Linux but was not able to boot into FreeBSD. Now, my friend wanted to boot both FreeBSD and Ubuntu Linux via the Grub boot loader.

It is not that hard to configure grub to boot FreeBSD. You just need to add the following three lines to the grub configuration file (/boot/grub/menu.lst). Boot into Ubuntu Linux and use a text editor to edit the file /boot/grub/menu.lst (on Red Hat and friends [ Fedora / CentOS ] try the /etc/grub.conf file):
$ gksudo gedit /boot/grub/menu.lst
$ gksudo vi /boot/grub/menu.lst
Append the FreeBSD boot configuration:

title  FreeBSD 7.0
root   (hd0,a)
kernel /boot/loader

Save and close the file. To see the changes or to boot into FreeBSD, reboot the Ubuntu Linux box.

  • title FreeBSD 7.0 : Starts a new boot entry. The user always sees this title and hits the enter key to boot the OS.
  • root (hd0,a) : The important part is selecting the correct root partition. The root option sets the current root device to the given device, then attempts to mount it to get the partition size. In the above example, hd0 is your first hard disk, i.e. hda in Linux. In grub, hda is hd0. Likewise, the first and second partitions on the first hard disk (hda1, hda2) become hd0,0 and hd0,1 in Grub. In short, you are asking to use the first partition of the first hard disk (remember that FreeBSD uses a,b,c names to represent partition names). If you have installed FreeBSD on the third partition, then you need to use the following root statement:
    root (hd0,2,a)
  • kernel /boot/loader : Used to load the primary boot image. FreeBSD uses /boot/loader to load the rest of the kernel and OS.